The research introduces three new, unique security solutions to the Mobile IPv6 environment. The first is the Distributed Authentication Protocol, which introduces much-needed authentication in a distributed form. The second is Dual Identity Return Routability, which enhances reachability verification, and the third is Mobile Home Agents, which provide a secure and optimised method of communication to and from the Mobile Node. They have been proven to improve the security and reliability of communication between the Mobile and Correspondent Nodes; however, some aspects of the protocols could be improved:

8.8.1 Future work

It must be noted that the home agent may be responsible for managing several hundred addresses, so there is a limit to how much it can process at one time. The upper limit on the number of addresses the home agent can be responsible for would have to be calculated.

It is suggested in [1] that CGA can be improved by including the routing prefix of the network into the hash function:

Interface ID = HASH64(Public Key | Routing Prefix)

This forces the attacker to perform the search separately for each prefix. Generating new public keys and regularly changing addresses increases the difficulty of brute-force attacks. It is suggested in [18] that even more variables, such as the link-layer address, may be added to the hash to increase security, as seen in Figure 59.

Figure 59. CGA hash function [18]
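The prefix-bound formula above can be exercised directly. The following is an added example, not code from the thesis or from [1]: it assumes SHA-1 as the hash, a 64-bit routing prefix and constructed byte strings standing in for encoded public keys, clears the u and g bits as RFC 3972 does, and omits RFC 3972's modifier, collision count and Sec parameter.

```python
import hashlib
import hmac
import ipaddress

# Constructed stand-ins for encoded public keys (not real keys).
KEY = b"constructed-public-key-of-mobile-node"
OTHER_KEY = b"constructed-public-key-of-someone-else"
# Documentation prefixes (2001:db8::/32), chosen for illustration.
PREFIX_A = ipaddress.IPv6Network("2001:db8:a::/64")
PREFIX_B = ipaddress.IPv6Network("2001:db8:b::/64")


def interface_id(public_key: bytes, prefix8: bytes) -> bytes:
    """Interface ID = HASH64(Public Key | Routing Prefix)."""
    if len(prefix8) != 8:
        raise ValueError("a 64-bit routing prefix is assumed")
    digest = hashlib.sha1(public_key + prefix8).digest()
    iid = bytearray(digest[:8])   # leftmost 64 bits of the hash
    iid[0] &= 0xFC                # clear the u and g bits, as RFC 3972 does
    return bytes(iid)


def cga_address(public_key: bytes, prefix: ipaddress.IPv6Network) -> ipaddress.IPv6Address:
    """Build the address the owner of public_key would use on this prefix."""
    prefix8 = prefix.network_address.packed[:8]
    return ipaddress.IPv6Address(prefix8 + interface_id(public_key, prefix8))


def verify(address: ipaddress.IPv6Address, public_key: bytes) -> bool:
    """Receiver side: recompute the hash from the claimed key and the
    address's own prefix, then compare with the interface ID in use."""
    prefix8, iid = address.packed[:8], address.packed[8:]
    return hmac.compare_digest(iid, interface_id(public_key, prefix8))


def replant(address: ipaddress.IPv6Address, new_prefix: ipaddress.IPv6Network) -> ipaddress.IPv6Address:
    """Reuse an interface ID found for one prefix under a different prefix."""
    return ipaddress.IPv6Address(new_prefix.network_address.packed[:8] + address.packed[8:])


if __name__ == "__main__":
    addr_a = cga_address(KEY, PREFIX_A)
    print(addr_a, verify(addr_a, KEY))            # valid on prefix A
    moved = replant(addr_a, PREFIX_B)
    print(moved, verify(moved, KEY))              # same ID fails on prefix B
    print(cga_address(KEY, PREFIX_B))             # a fresh hash is required
```

Because the prefix is part of the hash input, an interface ID matched for one network fails verification on any other, so search effort cannot be reused across prefixes.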

Optimisations to the transmission of packets would allow for reduced network traffic. Combining some of the messages together or finding a way of getting packets to their final destination without having to pass through an intermediate node would be a vast improvement. A solution to this has been proposed with Mobile Home Agents.

8.8.2 Future Developments for Dual Identity Return Routability

Further work can be done in the development of Dual Identity Return Routability, which would allow for a wider adoption of devices with multiple network connections. This can be useful outside of security to allow a personal and a business number to exist on the same device, which would allow the user to disable one of them if they chose to, such as turning off the business identity when the user is at home. The other advantage is that in some areas cell tower coverage is limited, or one telecom company may have a stronger signal. The use of two networks would allow the user to select whichever network provided the stronger signal.

8.8.3 Further work for Mobile Home Agents

Further research on Mobile Home Agents could develop the migration protocols that aid in moving from point of attachment to point of attachment. This may open up possibilities in the research areas of artificial intelligence, as the Mobile Home Agent will have to deal with events on its own in a foreign network.

There is a possibility that an attacker could see the introduction of the Mobile Home Agent as a new opportunity for attacks within a network, for instance by introducing their own spoofed Mobile Home Agent. This could be prevented, however, with an authentication mechanism that verifies the authenticity of the Mobile Home Agent, perhaps by confirming with the Home Agent and Mobile Node that they are expecting the Mobile Home Agent to be operating. This is another area of research that could potentially be looked into.

The proposed solution of Mobile Home Agents fulfilled the requirements for location privacy, reduction in communication latency and denial of service security. However, the Mobile Home Agent does not have any direct effect on securing against false binding updates or impersonation attacks, as these can still take place. With a further addition to the security protocols, the Correspondent should be able to detect multiple simultaneous communication streams that are apparently from the same user but from different addresses, and take appropriate action.

This could be a potential research area, as detection of impersonation attacks could be useful in numerous fields of study and industry.

8.8.4 4G GPS Point of Attachment Location Authentication

A possible addition to the security solution would be the inclusion of GPS technology to help with location authentication. The basic premise is that the mobile node would send its GPS co-ordinates to the corresponding node, which would then in turn request the GPS co-ordinates from the mobile node's current point of attachment. The co-ordinates would then be compared, and if the mobile node's co-ordinates fall within the proximity of the point of attachment then this proves that the mobile node is not spoofing its location or using proxies to access the network.

This can be combined with the other features of the distributed authentication protocol to create an even more robust security solution.

Initially this possible future security improvement may seem expensive to implement, as each device and point of attachment would need a GPS system. However, in reality there would be negligible cost in the implementation of this solution, as more and more modern mobile devices possess GPS as a feature for use with applications such as maps or local services.

There would also be no hardware cost for the points of attachment. This is because the vast majority of points of attachment are radio receiver/transmitters or Wi-Fi routers, which are not portable and are physically attached to a single location, so a GPS device would not be efficient in this case. All that would be needed is a one-time calculation of the GPS co-ordinate at the position of the point of attachment. This can then be input and stored in the router's memory for future use when required.
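The comparison step the corresponding node would perform can be sketched as follows. This is an added example, not part of the thesis: the point-of-attachment identifier, the stored co-ordinate, the 500 m proximity limit and the function names are all assumptions made for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0

# Constructed registry: the co-ordinate surveyed once for each fixed point
# of attachment and stored for later use (identifier is hypothetical).
POA_COORDS = {"poa-hypothetical-1": (55.9533, -3.1883)}


def valid_coord(coord) -> bool:
    """Reject malformed or out-of-range latitude/longitude pairs."""
    try:
        lat, lon = (float(v) for v in coord)
    except (TypeError, ValueError):
        return False
    return (math.isfinite(lat) and math.isfinite(lon)
            and -90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0)


def haversine_m(a, b) -> float:
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def location_consistent(poa_id, mn_coord, max_distance_m=500.0) -> bool:
    """Corresponding-node check: does the co-ordinate reported by the mobile
    node fall within the assumed proximity of its point of attachment?"""
    poa_coord = POA_COORDS.get(poa_id)
    if poa_coord is None or not valid_coord(mn_coord):
        return False              # unknown PoA or unusable report: reject
    return haversine_m(poa_coord, mn_coord) <= max_distance_m


if __name__ == "__main__":
    # Constructed reports: one close to the PoA, one far away, one malformed.
    for report in [(55.9540, -3.1890), (51.5074, -0.1278), (95.0, 0.0)]:
        print(report, location_consistent("poa-hypothetical-1", report))
```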
